Quarterly VoIP Vulnerabilities Summary

While most VoIP-related vulnerabilities are posted to the VOIPSA mailing list or blog, I thought it might be useful to have a informal quarterly summary of sorts among VoIP devices per searches from NIST.  I hope folks find it helpful, and of course post comments if I’ve overlooked anything from 1 January 2008 through 31 March 2008.

VoIP Firewalls

Cisco Phones

  • CVE-2008-0531 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
  • CVE-2008-0530 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
  • CVE-2008-0529 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
  • CVE-2008-0528 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
  • CVE-2008-0527 Cisco Unified IP Phone 7935 and 7936 2/14/2008
  • CVE-2008-0526 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G 2/14/2008
  • CVE-2008-1113 Cisco Unified Wireless IP Phone 7921 3/3/2008

Snom Phones

Vocera Phones

Routers & Gateways

Asterisk PBX

Cisco Call Manager

  • CVE-2008-0026 Cisco Unified CallManager/Communications Manager 2/14/2008
  • CVE-2008-0027 Cisco Unified Communications Manager 1/16/2008

UPDATE 4/15/08

  • Milw0rm 5113 Philips VOIP841 PC-Free DECT 6.0 Wireless IP Phone 2-14-2008